While we continue development on the 5.1 update, we need to release a patch to address some vulnerabilities that have recently been discovered within Valve’s Source engine.

Our 5.0.6 patch is primarily to fix this recently discovered exploit in all Source engine games. Using this exploit, a server running malicious custom content can potentially execute arbitrary code on your computer. Though there have been no instances of this exploit spotted in the wild, due to the nature of this vulnerability we urge everyone to update as soon as possible.

If you launch the game without updating you will receive a notification that your game needs to be updated on the main menu.

Since everyone has to go through the trouble of updating, there are also a few essential fixes and features that we decided are worth including as well. Servers are not affected by this exploit, but we’ve included a server patch as well to fix a few other bugs. Read the full changelist here.

Though most of Valve’s popular titles have been patched at this point, if you’re planning on playing a Source engine game you’re not sure has been patched, we would recommend setting the following console variables:cl_downloadfilter nonecl_allowdownload 0

These settings will disable all client-side custom content including sprays and maps, which will eliminate the attack vector this particular exploit uses. In most games this will probably not be necessary, but it could be worth it if security is a concern for you. Stay safe.